I am sure you must have worked really hard to create an innovative WordPress website. Your future depends on the health of your website; therefore, it is important to have a secure WordPress website. Every week, Google blacklists around 20,000 websites for malware and around 50,000 for phishing activity! So, if you are damn serious about your website and blogging career, then you can’t overlook the security of your website!
WordPress is an open source Content Management System (CMS). It is a free tool which helps you to create blogs or websites. WordPress is based on PHP and MySQL. Since WordPress is frequently updated by many developers, the core files are secured. But there is a lot more you can achieve! There are dozens of themes and plugins available to you.
Why is Website security important?
Search engines and users are not very fond of a hacked website. If your website is hacked, the malicious code can edit your webpage content or redirect your users to a different (bad) website. This will impact your page ranking and organic traffic. In the worst cases, your data can be hacked and you will end up paying a huge amount to hackers just to regain your data!
10 Simple ways to secure your WordPress Website
Today, let’s look at some simple tricks to secure your WordPress website. Security is not only about risk prevention; it is also about risk reduction.
1. Select the right host
Web hosting is a service provided by a web host company for your website. Once you register a domain name for your site, you need a web host so that people can access your website online. A good web hosting site is like a good school. It helps you with all your technical doubts. A web host provides you with 24/7 support.
- A good Host updates their software, tools and security policies to avoid any malicious activity.
- You will also get access to a Web Application Firewall (WAF). This will help you to monitor and block serious threats to your website.
- Your web hosting company will also provide you with backups. So, even if your data is hacked, you have a backup!
- A good Host provides you with 24/7 support via email, phone or live chat.
If you want to know about Best WordPress web hosting sites, read here.
2. Update your website
Search engines are fond of dynamic websites. Is your business important to you? Then, frequently updating your website is a must. Updating your website regularly shows that your business is well organized and it creates a good impression on your visitors.
A few things to keep in mind while updating your website:
- Keep your content unique and real. Stick to relevant keywords.
- Update website design frequently.
- Keep your website secure from malware and attackers.
- Update your plugins (for WordPress users)
WordPress is a free and open source platform; therefore, it automatically installs minor updates for you. There are many free plugins for you as well.
3. Use HTTPS
SSL and TLS certificates help you to switch to HyperText Transfer Protocol Secure (HTTPS), which is a more secure version of HTTP. Have you ever noticed a padlock sign or HTTPS on banking sites? This is because banking sites involve personal details of the users and it’s important to keep their data safe!
HTTP is the protocol that transfers data/information between your site and any browser trying to access it. When a visitor clicks on your web page, all the webpage content, multimedia, and website code are sent through HTTP to the visitor’s location. This is necessary but kind of risky. Your data can be intercepted.
HTTPS solves this security problem! Just like HTTP, HTTPS transfers the data between website and browser, but it encrypts your site’s data while it travels from one point to another.
4. Secured and strong login credentials
You might take this lightly but it is a very important thing when it comes to the security of your website. We all know about strong passwords and no password sharing but somehow, down the line, we tend to fall into the trap! The reason why people don’t like to use strong passwords is that they aren’t easy to remember. If that’s the case with you, you can make a note of the password and keep it in a safe place! And do not share your WordPress password with anyone else.
If you are working as a huge team, then make a note of all the roles and responsibilities and give limited access to your guest authors. Make sure you have a strong and unique password not just for your WordPress login but also for FTP client-server or for cPanel. You can’t compromise on this.
5. Enable Web Application Firewall (WAF)
A firewall is a program that blocks unwanted traffic, malware and any malicious attack. A WAF is a firewall designed especially for websites! This is the easiest and most secure way to keep your website safe from attacks. A WAF blocks all the malicious traffic before it reaches your site!
Sucuri is the best WAF for WordPress websites. This will protect your site from tons of attacks without even adding a lot of clutter to your website. Sucuri also comes with a malware cleaner and will fix your website after any hacks.
6. Disable File Editing
Come on, peeps! You don’t want anybody else to edit your files without your permission! WordPress provides you with an inbuilt code editor in your dashboard. This allows you to edit your themes or any function! This is kind of scary! Why? Imagine your password is in the wrong hands, and phew! All your contents are changed! This is why security is important.
It is therefore very important to disable file editing in WordPress. Follow these steps:
- Open wp-config.php file
- Add the following statement:
define( 'DISALLOW_FILE_EDIT', true );
7. Limit Login Attempts
I am sure you don’t want to give enough login attempts to strangers. Limit your login attempts to be on a safe side. By default, WordPress has no login attempt limitations. This makes it vulnerable! Well, you can help yourself.
If you are using a web application firewall, then you don’t have to worry about failed login attempts. It will take care of it. And if you are not using a WAF, then follow these steps:
Install and activate the “Login LockDown plugin.”
After activation, visit Settings > Login LockDown page to setup the plugin.
8. Database prefix
WordPress uses wp_ as the prefix for all tables in your database. So, if you are using the default WordPress prefix, hackers can guess your table names and database easily! Therefore, it is important to change your database prefix.
9. Disable directory indexing and browsing
Hackers can use directory browsing to find out any files with known vulnerabilities. If they find any such files, they can easily access the files.
Other people can also use directory browsing to look into your files or find directory structure or other related information. Therefore, it is recommended that you turn off directory indexing and browsing.
Steps to follow:
- Connect to your website using FTP or cPanel’s file manager.
- Locate the .htaccess file in your website’s root directory.
- Add the following line at the end of the .htaccess file:
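A check for the settings from steps 6, 8 and 9, as an added example rather than code from the original post: it reads the text of wp-config.php and .htaccess and reports what is still at its default. The sample file contents are constructed, and Options -Indexes is the standard Apache directive for switching off directory listings, assumed here because the post does not show the line.

```python
import re

# define('DISALLOW_FILE_EDIT', true); written with straight quotes and not
# commented out. Typographic quotes pasted from a web page do not match.
DEFINE_RE = re.compile(
    r"""^\s*(?i:define)\s*\(\s*(['"])DISALLOW_FILE_EDIT\1\s*,\s*(?i:true)\s*\)\s*;""",
    re.MULTILINE)
PREFIX_RE = re.compile(r"""^\s*\$table_prefix\s*=\s*(['"])(.*?)\1\s*;""",
                       re.MULTILINE)

def indexing_disabled(htaccess):
    """True if the last effective Options line removes Indexes."""
    disabled = False
    for line in htaccess.splitlines():
        tokens = line.strip().lower().split()
        if not tokens or tokens[0] != "options":
            continue  # skips comments and unrelated directives
        if "-indexes" in tokens[1:]:
            disabled = True
        elif "indexes" in tokens[1:] or "+indexes" in tokens[1:]:
            disabled = False
    return disabled

def audit(wp_config, htaccess):
    """Return a list of findings for the two files' contents."""
    findings = []
    if not DEFINE_RE.search(wp_config):
        findings.append("DISALLOW_FILE_EDIT is not set to true")
    prefix = PREFIX_RE.search(wp_config)
    if prefix is None or prefix.group(2) == "wp_":
        findings.append("table prefix is missing or the default wp_")
    if not indexing_disabled(htaccess):
        findings.append("directory indexing is not explicitly disabled")
    return findings

# Constructed sample files (not taken from a real site).
WEAK_WP_CONFIG = ("<?php\n$table_prefix = 'wp_';\n"
                  "define( \u2018DISALLOW_FILE_EDIT\u2019, true );\n")
HARDENED_WP_CONFIG = ("<?php\n$table_prefix = 'k7x_';\n"
                      "define( 'DISALLOW_FILE_EDIT', true );\n")
WEAK_HTACCESS = "# BEGIN WordPress\nRewriteEngine On\n# END WordPress\n"
HARDENED_HTACCESS = WEAK_HTACCESS + "Options -Indexes\n"

if __name__ == "__main__":
    for finding in audit(WEAK_WP_CONFIG, WEAK_HTACCESS):
        print("FINDING:", finding)
```

On an existing site, changing $table_prefix alone is not enough: the database tables have to be renamed to match the new prefix.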
10. Two-factor Authentication
You might have to invest some time in this but it will definitely help you out! Two-factor authentication (TFA) is a process which involves your smartphone or other devices to verify your login details. Have you heard about OTP? Two-factor authentication is similar to it.
You have to enter your username, once you are done with it, you will get a verification code on your device or smartphone. You just need to enter the code. This process will ensure that your identity is secured and verified!
You can enable this feature using the Two Factor Authentication plugin. It is free and from the authors of UpdraftPlus!
- Supports standard TOTP + HOTP protocols.
- Displays graphical QR codes. This allows you to scan using apps on your phone/tablet.
- TFA can be made available on a role basis.
- TFA can be turned on or off by each user.
I hope you will try these simple tricks to keep your WordPress website safe and secured from any malicious attacks!
Tech-savvy and a passionate blogger. I have done software engineering from the University of Mumbai. Technology Specialist 2.0 in DOT NET. I also have my personal website http://glamourbytes.com/